Skip Navigation

GrapheneOS version 2024103100 released

grapheneos.org GrapheneOS releases

Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

GrapheneOS releases

Tags:

  • 2024103100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2024102400 release:

  • improve our existing fix for an upstream Android bug impacting apps using the telephony service in secondary users to fix support for disabling re-routing of Google Play location requests to the OS for fresh installs of sandboxed Google Play since the release of Android 15
  • Sandboxed Google Play compatibility layer: extend wired Android Auto toggle to additional methods used in edge cases
  • fix changing USB-C port control setting to a lower security level not fully applying until after locking and unlocking
  • Settings: fix per-app exploit protection toggles for Private Space
  • Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold: disable Wi-Fi HAL debug logging to avoid memory corruption caught by hardware memory tagging on GrapheneOS
  • raise system log buffer size from 256KiB to 512KiB to make logs obtained by users reporting issues more useful
  • enable stamp configuration for microdroid kernel builds to set LOCALVERSION based on version control information as expected
  • kernel (6.6): disable unused hibernation support
  • kernel (6.6): disable unused TIOCSTI ioctl (already blocked via standard Android SELinux ioctl filtering)
  • kernel (6.6): disable unused cachestat system call (already blocked for apps via standard Android seccomp-bpf policy)
  • kernel (6.6): enable random kmalloc caches for x86_64 and microdroid too, not only bare metal arm64
  • kernel (6.6): enable full struct randomization for x86_64 and microdroid too, not only bare metal arm64
  • kernel (6.6): enable DEBUG_SG for microdroid too, not only bare metal
  • kernel (6.6): enable FORTIFY_SOURCE for microdroid too, not only bare metal
  • kernel (6.6): disable BINFMT_MISC for microdroid too, not only bare metal
  • kernel (6.6): disable RSEQ for microdroid too, not only bare metal
  • kernel (6.6): add SYSRQ restrictions for microdroid too, not only bare metal
  • kernel (6.6): use the same KFENCE configuration for microdroid as bare metal
  • mark Sensors permission as implicitly added
  • avoid adding Sensors permission to hasCode=false packages
  • improve our implementation of extending verified boot to out-of-band shared library APK updates
  • Log Viewer: add userType line to header in non-Owner users
  • Log Viewer: add targetSdk and sharedUid to package info header
  • System Updater: update minimum and target API level to 35 (Android 15)
  • adevtool: update carrier settings
  • Vanadium: update to version 130.0.6723.86.0
  • Info: update to version 5
  • Auditor: update to version 87
  • Sandboxed Google Play compatibility layer: fix development support in OS debug builds
0
0 comments